If you have additions to this file, plase mail To: "'David D. Grisham'" BITNET or dave@ariel.unm.edu Internet A new draft ECMA standard for Security in Open and Distributed systems is available for FTP. This draft standard addresses the problems of security standardisation in applications intended for OSI or ODP environments. Comments are requested on this draft for inclusion in the final version. Comments: To: tcp-ip@sri-nic.arpa, security@pyrite.rutgers.edu Please forward this message to any other groups or individuals who may be interested in this work. The text may be obtained by anonymous FTP from rcole.hpl.hp.com (15.255.61.89) which is in the UK, or from allspice.lcs.mit.edu in the directory ~/pub/ecma-desd, as a tar file containing print files for the individual chapters. Two print file formats are offered: desdps - contains the PostScript version desdlj - contains print files for the HP-Laserjet+ (or better). Compressed versions are also available to ease the transfer problem. So the file choices (and sizes) are: 5253120 Apr 5 13:50 desdlj.tar 1816056 Apr 5 15:34 desdlj.tar.Z 1505280 Apr 5 11:00 desdps.tar 569425 Apr 5 11:12 desdps.tar.Z Note that the document contains pictures as well as text so it is not possible to send the text directly by e-mail. Please note that the document was designed for, and will evenatually be published on, A4 paper. If you must print it on AQ size then you may lose the page numbers. Robert ----------------- Subject: Re: orange book To: security@rutgers.edu The "Orange Book", also known as the Department of Defense Trusted Computer System Evaluation Criteria, is DoD Standard DOD 5200.28-STD. You should be able to get it via this number through the US Goverment Printing Office. As for the other "rainbow" books... the ones I have sitting on my desk are: Colour Number Title Lt. Green CSC-STD-002-85 Department of Defense Password Management Guideline Yellow CSC-STD-003-85 Computer Security Requirements Yellow CSC-STD-004-85 Technical Rationale Behind CSC-STD-003-85: Computer Security Requirements Tan NCSC-TG-001 v.2 A Guide to Understanding AUDIT in Trusted Systems Red-Orange NCSC-TG-003 v.1 A Guide to Understanding DISCRETIONARY ACCESS CONTROL in Trusted Systems Red NCSC-TG-005 v.1 Trusted Network Interpretation of the Trusted Computer System Evaluation Criteria Peach NCSC-TG-006 v.1 A Guide to Understanding CONFIGURATION MANAGEMENT in Trusted Systems Dark Red NCSC-TG-007 v.1 A Guide to Understanding DESIGN DOCUMENTATION in Trusted Systems Grey NCSC-TG-009 v.1 Computer Security Subsystem Interpretation of the Trusted Computer System Evaluation Criteria (if there are ones I am missing, I would like to know) In terms of ordering, I would check with the US Govt Printing Office, or directly with the NCSC. Their address is NCSC, 9800 Savage Road, Fort George G. Meade, MD 20755-6000. Daniel -- Work :The Aerospace Corp M8/055 * POB 92957 * LA, CA 90009-2957 * 213/336-3149 Home :8333 Columbus Avenue #17 * Sepulveda CA 91343 * 818/892-8555 Email:faigin@aerospace.aero.org (or) Faigin@dockmaster.ncsc.mil Voicemail: 213/336-5454 Box#3149 * "Take what you like, and leave the rest"